Windows way to Digital Learning……


Creating a Self-Signed Server Certificate

The Certificate Creation tool generates X.509 certificates for testing purposes only. It creates a public and private key pair for digital signatures and stores it in a certificate file. This tool also associates the key pair with a specified publisher’s name and creates an X.509 certificate that binds a user-specified name to the public part of the key pair.

Makecert.exe includes basic and extended options. Basic options are those most commonly used to create a certificate. Extended options provide more flexibility.

Syntax:

makecert [options] outputCertificateFile

You can find a description of all of the command line options for Makecert here.

Example:

makecert -r -pe -n “CN=contoso.com” -eku 1.3.6.1.5.5.7.3.1 -b 05/09/2012 -e 01/01/2059 -sky exchange -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 -sv contoso.com.pvk contoso.com.cer

Download the makecert tool here.

To create a certificate using inetmgr

You can either use Internet Information Services Manager (IIS) or a command line utility called Certificate Creation Tool (makecert.exe) to create a self-signed Server Certificate.

  1. Click Start, and then click Run.
  2. Type inetmgr, and then click OK.
  3. In the left pane, click your server name to select it.
  4. In the main pane, double-click Server Certificates under the IIS section.
  5. In the Actions pane, click Create Self-Signed Certificate.
  6. In Specify a friendly name for the certificate, type a friendly name, and then click OK. You shall see a newly created certificate listed in the main pane.
  7. Close IIS Manager.

Export the Certificate

If you created the certficate using makecert.exe, you can use the certificate file.  However, if you created the certificate using IIS Manager, you must export it to a file before you can import it to Windows Certificate Store.

To export the certificate

  1. Click Start, and then click Run.
  2. Type certmgr.msc, and then click OK.
  3. In the left pane, expand Trusted Root Certification Authorities or Personal, and then expand Certificates.
  4. In the main pane, locate the certificate using the Friendly Name column.
  5. Right-click the certificate, poing to All Tasks, and then click Export.
  6. Click Next,
  7. Select No, do not export the private key, and then click Next.
  8. Select DER encoded binary X.509(.CER), and then click Next.
  9. Type the location and the file name for the certificate, and then click Next. The certificate extension is .cer.
  10. Click Finish.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Tag Cloud

%d bloggers like this: